Endian UTM SofTwarE · rity services such as stateful inspection firewall, VPN, gateway anti-virus,...
Transcript of Endian UTM SofTwarE · rity services such as stateful inspection firewall, VPN, gateway anti-virus,...
Security with Passionwww.endian.com
Endian UTM SofTwarE
Network Security for Small to large BuSiNeSS
Scalability: Delivers a highly scalable solution to both small- and
mid-size companies
Complete Security: Protect your critical business resources
Build Your Own: Runs on virtually any hardware platform
Endian UTM Software Appliance offers the same technology that resides in the Endian Unified Threat Management (UTM) hardware appliances, making it possible to turn any PC into a full featured security appliance. Unleash the power of Endian UTM using your preferred hardware to enable comprehensive security for your whole network infrastructure. Integrated secu-rity services such as stateful inspection firewall, VPN, gateway anti-virus, anti-spam, Web security, and e-mail content filtering offer granular protection in a single system, reducing management time and costs. Endian designed UTM Software Appliance to meet the needs of every business from small to large, providing maximum protection for your network.
Powered Network Security: Stateful inspection firewall and advanced networking features to protect your network.
Quality of Service and Bandwidth Management: to guarantee the best quality for VoIP calls and critical ser-vices in your network.
Intrusion Prevention System: powered by Snort. Pa-ckets that match any of the configured rules can be allowed, blocked or logged.
Hotspot: Enable secure Internet access in public areas for wireless and wired networks.
VPN: Secure communication with branch/remote offices and teleworkers. Work anywhere, anytime.
Mail Security: Gateway anti-spam, anti-virus to protect your day-to-day e-mail communication.
High Availability: Keep your network up and running even after an Internet connection or hardware failure.
Endian Network: Centralize the configuration and up-date management of multiple appliances.
Web Security: Strong authentication, anti-virus and con-tent filtering for secure Internet access
Event handling and notification: on predefined events e-mail notifications are automatically sent to the system ad-ministrator.
Turn any PC into a Unified Threat Management Appliance
It‘s all in your hardware
Centralized Management
Firewall Network Security
High Availability
Email Security
Logging/Reporting
Web Security
Updates and Backup
VPN (SSL & IPsec)
Disaster Recovery
Hotspot
IPS
Endian UTM Softwarewww.endian.com
Endian UTM Software FeaturesNetwork Security• Stateful packet firewall• Application control (over 160 pro-
tocols including Facebook, Twitter, Skype, WhatsApp and more)
• Demilitarized zone (DMZ)• Intrusion detection and prevention• Multiple public IP addresses• Multiple WAN• Quality of service and bandwidth
management• SNMP support• VoIP/SIP support• SYN/ICMP flood protection• VLAN support (IEEE 802.1Q
trunking)• DNS proxy/routing• Anti-spyware• Phishing protection
Web Security• HTTP & FTP proxies• HTTPS filtering• Transparent proxy support• URL blacklist• Authentication: Local, RADIUS,
LDAP, Active Directory• NTLM single sign-on• Group-based and user-based web
content filter• Time based access control with
multiple time intervals• Panda anti-virus• Cyren URL filter
Mail Security• SMTP & POP3 proxies• Anti-spam with bayes, pattern
and SPF• Heuristics, black- and whitelists
support• Anti-virus• Transparent proxy support• NEW Email quarantine manage-
ment• Spam auto-learning• Transparent mail forwarding (BCC)• Greylisting• Cyren anti-spam• Panda anti-virus
WAN Failover• Automatic WAN uplink failover• Monitoring of WAN uplinks• Uplink types: Ethernet (static/
DHCP), PPPoE, PPTP• Support for UMTS/GPRS/3G USB
dongles
User Authentication• Active Directory / NTLM• LDAP• RADIUS• Local
Virtual Private NetworkingIPsec• Encryption: Null, 3DES, CAST-
128, AES 128/192/256-bit, • Blowfish 128/192/256-bit,
Twofish 128/192/256-bit,• Serpent 128/192/256-bit,
Camellia 128/192/256-bit• Hash algorithms: MD5, SHA1,
SHA2 256/384/512-bit, AESXCBC• Diffie Hellman modes: 1, 2, 5, 14,
15, 16, 17, 18, 22, 23, 24• Authentication: pre-shared key
(PSK), RSA keys• X.509 certificates• IKEv1, IKEv2• Dead Peer Detection (DPD)• NAT traversal• Compression• Perfect Forward Secrecy (PFS)• VPN Site-to-Site• VPN Client-to-Site (roadwarrior)• L2TP user authentication• XAUTH user authentication
OpenVPN• Encryption: DES, 3DES, AES
128/192/256-bit, CAST5, Blowfish
• Authentication: pre-shared key, X.509 certificates
• Support for VPN over HTTP Proxy• PPTP passthrough• VPN client-to-site (roadwarrior)• VPN client for Microsoft Windows,
Mac OS X and Linux• Possibility of multiple logins per user• VPN failover• Multiple server support• Support for mobile devices (Andro-
id, iOS) VPN Portal for Clientless Connections• NEW Web-based access to internal
resources• NEW Configurable portal page• NEW Support for multiple desti-
nations• NEW Destination-based authenti-
cation• NEW SSL offloading
User Management & Authentication• Unified user management for
OpenVPN, L2TP, XAUTH, VPN Portal
• Group management• Integrated certificate authority• External certificate authority
support• User password and certificate
management• Multiple authentication servers
(local, LDAP, Active Directory)
BYOD / Hotspot• Configurable captive portal• Free access to allowed sites (wal-
led garden)• Wired / wireless support• Integrated RADIUS service• Connection logging• Per-user and global bandwidth
limiting• MAC-address based user accounts• NEW Configurable multiple logins
per user• User accounts import/export via CSV• User password recovery• Automatic client network confi-
guration (support for DHCP and static IP)
• Fully integrated accounting• Generic JSON API for external
accounting and third party integration
• Instant WLAN ticket shop (Smart-Connect)
• Single-click ticket generation (Quick ticket)
• SMS/e-mail user validation and ticketing
• Pre-/postpaid and free tickets• Time-/trafficbased tickets• Configurable ticket validity• Terms of Service confirmation• MAC address tracking for free
hotspots• Cyclic/recurring tickets (daily,
weekly, monthly, yearly)• Remember user after first authenti-
cation (SmartLogin)• External authentication server
(Local, LDAP, Active Directory, RADIUS)
Network Address Translation• Destination NAT• Incoming routed traffic• One-to-one NAT• Source NAT (SNAT)• IPsec NAT traversal
Routing• Static routes• Source-based routing• Destination-based routing• Policy-based routing (based on
interface, MAC address, protocol or port)
Bridging• Firewall stealth mode• OSI layer 2 firewall functionality• Spanning tree• Unlimited interfaces per bridge
High Availability• Hot standby (active/passive)• Node data/configuration synchro-
nization
Event Management• NEW More Than 30 Individually
Configurable Events• Email Notifications• NEW SMS Notifications• NEW Powerful Python Scripting
Engine
Logging and Reporting• Reporting dashboard• Detailed system, web, email,
attack and virus reports• Live network traffic monitoring
(powered by ntopng)• Live log viewer• Detailed user-based web access
report (not in 4i, Mini)• Network/system/performance
statistics• Rule-based logging settings (fire-
wall rules)• Syslog: local or remote• OpenTSA trusted timestamping
Extra Services• NTP (Network Time Protocol)• DHCP server• SNMP server• Dynamic DNS
Management / GUI• Centralized management through
Endian Network (SSL)• Easy Web-Based Administration
(SSL)• Multi-language web-interface (En-
glish, Italian, German, Japanese, Spanish, Portuguese, Chinese, Russian, Turkish)
• Secure remote SSH/SCP access • Serial console
Updates and Backups• Centralized updates through
Endian Network• Scheduled automatic backups• Encrypted backups via email• Instant recovery / Backup to USB
stick (Endian Recovery Key)
CPU:
Intel x86 compatible (1GHz minimum, Dual-core 2 GHz recom-
mended), including VIA, AMD Athlon, Athlon 64, Opteron, Intel
Core 2 Duo, Xeon, Pentium and Celeron processors
Multi-Processor: Symmetric multi-Processor (SMP) support included
RAM: 512MB minimum (1 GB recommended)
Disk:SCSI, SATA, SAS or IDE disk is required (8GB minimum 20GB
recommended)
Software RAID:For software RAID1 (mirroring) two disks of the same type (the
capacity needn't be the same) are required
CDROM:An IDE, SCSI or USB CDROM drive is required for installation
(not required after installation)
Network Cards:Most common Network Interface Cards are supported including
Gigabit and fiber NICs
Monitor/ Keyboard: Only required for the installation but not for configuration and use
Operating System: Endian Firewall includes a Hardened Linux Based Operating System
System Requirements/Hardware Support
© 2014 Endian SRL. Subject to change without notice. Endian and Endian UTM are trademarks of Endian SRL. All other trademarks and registered trademarks are the property of their respective owners.
Endian InternationalTel: +39 0471 631 763E-mail: [email protected]
Endian ItaliaTel: +39 0471 631 763E-mail: [email protected]
Endian DeutschlandTel: +49 (0) 8106 30750 - 13E-mail: [email protected]
Endian USTel: +1 832 775 8795E-mail: [email protected]
Endian JapanTel: +81 3 680 651 86E-mail: [email protected]
Endian Turkey - EndPoint-LabsTel: +90 216 222 2933E-mail: [email protected]